phpLinkat is prone to cross-site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting phpLinkat. Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.
It is possible to pass an attacker-specified file include location to a CGI parameter of the 'customize.php' script. This may allow an attacker to execute arbitrary commands with the privileges of the webserver. Additionally, an attacker may exploit this problem to view local files that are readable by the webserver.
Books is a module written for PostNuke. Reportedly, Books is prone to cross-site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the vulnerable module. Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.
The ActiveX control that provides much of the functionality for the Windows Help Center contains an unchecked buffer. Successful exploitation could result in execution of arbitrary code in the security context of the current user.
MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file. Any remote user can view the contents of the HTML file to determine the administrator password.
MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file (news.php3). The injected code may then be executed by the attacker by requesting the 'news.php3' script.
phpWebSite is prone to cross-site scripting attacks. This vulnerability is due to insufficient sanitization of HTML tags from URI parameters processed by the 'article.php' script. As a result, an attacker may construct a malicious link to this script which contains arbitrary HTML and script code. When the malicious link is visited by a web user, the attacker-supplied code will be executed by their web client in the context of the site hosting the vulnerable software.
SurfControl SuperScout WebFilter Reports Server is prone to SQL injection attacks due to insufficient input validation on the part of some of the reports files, which are implemented as .dlls. This allows remote attackers to modify the logic of SQL queries, potentially resulting in database corruption or disclosure of sensitive information.
SurfControl SuperScout WebFilter Reports Server is prone to a directory traversal vulnerability which allows an attacker to break out of the root directory for the reporting service and browse the filesystem at large, disclosing arbitrary files that are readable by the Reports Server.
Midicart PHP is prone to an arbitrary file upload vulnerability due to the lack of access control on files residing in the 'admin' folder. This vulnerability allows a remote attacker to upload arbitrary files to a vulnerable system.